Cons
Scored poorly in hands-on tests of malware blocking and removal. Because it focuses solely on up-to-the-minute threats, it simply won't clean up existing malware infestations. Threats blocked at the Web level may be missed completely if they arrive via other routes or via URLs that aren't blacklisted.

Bottom Line

Trend Micro's AV is lightweight, attractive, and unobtrusive, but the "does its job" part fell by the wayside. It won't clean up already-infested systems, and its protection for clean systems makes too many assumptions.

Trend Micro's new Titanium line of security products aren't meant to be seen. They aim to protect you silently, without confusing queries or unnecessary notifications. Users of Trend Micro Titanium Antivirus + 2011 ($39.95 direct; $59.95 for three licenses) never need to see the main console after its initial appearance at installation. That makes perfect sense given that three quarters of Trend Micro's users self-identify as not technically skilled. Focus groups found that users want an antivirus product that does its job without ever bothering them. The point of the Titanium product line is to stay light and unobtrusive yet provide complete protection. It succeeds in the first of those two goals.

Living in the Present
Modern variants of Trojans, viruses, and other malware threats come and go with frightening speed. Trend Micro's analysts have determined that the average threat found in the wild exists for just three days. Does that seem short? It isn't. A truly vast number of mayfly-like variants exist for such a short time that the median lifespan of a malware threat in the wild is just 15 minutes.

In a recent meeting with Symantec, I encountered figures supporting Trend Micro's findings. Symantec's analysts point out that widespread, world-girdling threats are now extremely uncommon. On average, a unique malware variant infects just ten computers, while the median number of users affected by a given variant is exactly one.

There are many approaches to handling the constant stream of new virus variants. Some vendors use malware signatures that are "fuzzy" enough to catch a family of related threats. Some use heuristic techniques that analyze program code and recognize patterns common to malware. Some devise elaborate behavior analysis schemes. Many use all three approaches, in addition to traditional antivirus signatures.

Trend Micro's antivirus uses elements of all these approaches and relies strongly on support from their cloud-based malware detection system. In a bold move to keep the product fast and light, they've chose to focus entirely on threats that are active right now. They're aware this means they won't score well on "wild list" tests that use threats of all ages. Even my own samples are several months old. As my test results confirm, this is too old for detection by Trend Micro's in-the-present focus.

Easy Install, Unusual Interface
Trend Micro Titanium Antivirus + 2011 installed quickly and easily on all of my malware-infested test systems, even those suffering from malware that has actively prevented installation of other antivirus products. On its first launch, the program notifies users they won't need to check for updatesupdates happen silently and automatically. By default the app schedules a weekly full scan, so users don't have to run scans manually, either.

Initialization of security drivers can add to the time required for booting up a computer. Trend Micro works to minimize this by offering three load options. In the extra security mode, the app loads all drivers immediately. In the extra performance mode it waits until after the system has started. By default, it runs in balanced mode, loading some drives immediately and some later. Even so, I found that the user interface wouldn't open for a minute or two after startupbut that's something the average user won't notice.

That user interface is well-designed and easy to use (for the most part) and it uses Aero-style transparency even when running under Windows XP. A graphical security report displays protective activity over the last month, with an option to view a full log.
That log window illustrates the one big problem with Trend Micro's interface. It lists filenames, malware names, and such in a columnar display whose columns can't be resized. As a result, almost every filename gets cut seriously short, so there's no way to scan the list. Sure, many users never open this page, but those who do should get a chance to see all of the information it offers. Otherwise, why offer it?

Ineffective Malware Cleanup
I usually report on independent lab results for each antivirus, but in this case I just can't. Yes, the labs have evaluated Trend Micro's antivirus products, but not the 2011 Titanium editions. Because of the switch to focusing on up-to-the-minute threats results based on older editions aren't relevant. I feel confident, though, that the standard lab results would jibe with mine.

AV-Test and AV-Comparatives have both performed special dynamic tests that challenge a dozen or more security products to protect test systems against the very latest threats. Trend Micro should excel in these tests; I look forward to seeing the results of the next round.

Trend Micro scanned quicklyabout 20 minutes on my standard clean systembut didn't find much. Each of my infested test systems has three or four malware or keylogger samples installed, but the scan reported nothing on five of those systems. Those threats it found on other test systems weren't cleaned up thoroughly; several were still running after alleged removal.

Trend Micro's detection rate and overall malware removal score are the lowest I've seen. It detected 26 percent of the threats and pulled in just 1.7 out of 10 possible points. It also achieved a new low for removal of scareware (rogue security software)2.4 points. In a separate test using commercial keyloggers, it detected half the samples, but, due to incomplete removal, it got just 2.8 points. When it came to rootkit samples from both the malware and keylogger collections, the app detected 44 percent and scored 1.3 points.

What was I to make of these scores? To be fair, Trend Micro did warn me that the product wouldn't perform well against even slightly older threats, given their focus on the threat of the moment. But this seemed extreme. I pointed out to my contacts that some users might have been suffering malware problems for months before purchasing Trend Micro. I asked if there are any settings or tweaks that would make the product do a better job of cleanup.

My contacts suggested that a user could run the Trend Micro Diagnostic Toolkit and submit the resulting logs for analysis. I rejected that path for two reasons. First, the user wouldn't necessarily know that any problem exists. Second, I'm testing the antivirus product, not the manual analysis skills of the techs in the back room.

Tech support noted that the option to "automatically delete files that show any sign of a threat" is turned off by default and advised turning it on. They also offered a Registry tweak to lower the threshold for an "intensive scan." By default, this extra-deep scan kicks in after the product encounters 100 malware traces; I reset it to 1. Doing so was tough, as the antivirus protects its own Registry entries from change. I had to disable it, tweak the Registry setting, and enable it again.

That's something no normal user would do, but I wanted to give the app another shot, so I tried it. The results were a total disappointment. Even after the configuration changes, five of the test systems still reported no malware at all. The keylogger, rootkit, and scareware scores didn't change, and the overall malware detection rate and score remained the lowest ever, at 31 percent and 2.1 points. For details on how I test malware removal and derive these scores, see How We Test Anti-malware.

Automatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless
you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize
cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the
annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all
unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service

//our current issue

Select Term:

24 issues for $29.99 ONLY $1.25 an issue! Lock in Your Savings!

12 issues for $19.99ONLY $1.67 an issue!

State

Country

This transaction is secure

Automatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless
you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize
cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the
annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all
unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service